To comply with EU, UK, and Swiss data protection laws, Cerulean Studios, LLC ("Cerulean") complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), (together, the "DPF"), as set forth by the U.S. Department of Commerce with respect to the personal data we receive and process on behalf of our customers through the Trillian software, services, and websites (together, the "Trillian Services"). Cerulean certifies that it adheres to the DPF principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for personal data submitted by our customers in participating countries through the Trillian Services.
We provide the Trillian Services so that our customers can communicate inside and outside their organization and to other organizations via instant messaging. In order to provide the Trillian Services, we process data our customers submit or instruct us to process on their behalves.
We process data submitted by customers for the purpose of providing the Trillian Services to customers. To fulfill these purposes, we may access data to provide the Trillian Services, to prevent or address service or technical problems, to respond to customer support matters, to follow the instructions of our customer who submitted the data, or in response to contractual requirements with our customers.
We use a limited number of third party providers to assist us in providing the Trillian Services to our customers. As of the date hereof, these third-party providers perform technical operations such as data storage services, payment services, and customer support software tools. These third parties may access, process or store personal data in the course of providing these services, but based on our instructions only.
If we receive personal data subject to our certification under the DPF and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the DPF if both (i) the agent processes the personal data in a manner inconsistent with the DPF and (ii) we are responsible for the event giving rise to the damage.
If you are a resident of a country participating in the DPF and you believe we maintain your personal data within the scope of this DPF certification, you may direct any questions or complaints concerning our DPF compliance to privacy-feedback@ceruleanstudios.com. We will work with you to resolve your issue.
If you are a resident of a country participating in the DPF and you have not received timely response to your concern, or we have not addressed your concern to your satisfaction, you may seek further assistance, at no cost to you, from JAMS, which is an independent dispute resolution body in the United States.
You may also be able to invoke binding arbitration for unresolved complaints. Prior to initiating such arbitration, a resident of a country participating in the DPF must first: (i) contact us and afford us the opportunity to resolve the issue; (ii) seek assistance from JAMS; and (iii) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party will be responsible for its own attorney's fees. Please be advised that, pursuant to the DPF, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the DPF Principles with respect to the resident.
Our DPF compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Some international users (including those whose personal data is within the scope of this DPF certification) have certain legal rights to access certain personal data we hold about them and to obtain its correction, amendment or deletion. Those users may exercise some of those rights through the options described in our Privacy Policy. But please be advised that because our personnel have a limited ability to identify and access an individual user's personal data that our a customer has submitted to the Trillian Services, if you wish to request access, to limit use, or to limit disclosure, we may first refer your request to the customer who submitted your personal data, and we will support them as needed in responding to your request.
We may disclose personal data when we have a good faith belief that such action is necessary to conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements, or to enforce our contractual obligations.